Skip to content

Releases: DataBoar/data-boar

Data Boar 1.7.4 GA (xkcd 2¹⁰)

Choose a tag to compare

@FabioLeitao FabioLeitao released this 26 Jun 17:13
v1.7.4
f5f0dcb

Release 1.7.4

Status: Released (2026-06-26) — merge via PR #1024 (xkcd 2¹⁰); tag v1.7.4, GitHub Release, and Docker Hub publish follow operator release-ritual post-merge. #970 = premature stable attempt without gate — does not VOID this release (ADR-0072, ADR-0073). maturity_build = 201 side-channel (#976).

Public version: 1.7.4 · ADR-0073 Accepted · release gate #406 closed in this train.

Historic RC ladder: 1.7.4-rc.md · 1.7.4-rc-2 working line before this GA.


Highlights

  • Maestro Linux-port (gate #704): Handle-LicensingMatrix.ps1 now runs correctly on pwsh-Linux — -WindowStyle Hidden guarded by $IsWindows; Start-Process wrapped in try/catch to propagate spawn failures; locale-independent redirect detection via HTTP status code (#827, #818, #820).
  • Licensing matrix enforced (community / pro / enterprise): Stop-MatrixApiProcess cross-platform; no port collision between tiers on Linux (#820).
  • Completão smoke gate machine-verifiable: all 10 handlers write /tmp/databoar_handler/<persona>_sentinel.txt with the actual bash exit code; Wait-HandlerSentinel.ps1 polls and aggregates real pass/fail (#831).
  • Safe tmux payload injection: base64-encoded payloads + -Ref allowlist in all 10 handlers — eliminates shell-quoting injection risks (#830).
  • Security hardening (#825): hmac.compare_digest for API key and MAC comparison (timing-safe); Chart.js vendored (api/static/), CSP script-src 'self'; rsync excludes .env/.env.*; Maestro.ps1 exits non-zero on real handler failures.
  • 5th lab host registered: alpine emachines E527 added to manifest and documentation (#821).
  • Maestro / completão Deep smoke: lab-completao-host-smoke.sh accepts --bench-config PATH; Docker, Podman, Swarm, LXD, and MicroK8s handlers pass --bench-config before --lab-stack-up (#404, #408).

Unreleased changelog source (dense / pre-move from root CHANGELOG)

The root CHANGELOG.md Unreleased section follows Keep a Changelog categories for scanability; this subsection retains the older long-form bullets for operators who need paths, rollback hints, and cross-links in one place.

  • Config redaction: config/redact_config.py uses substring key matching (with token_url allowlist) so compound keys like telegram_bot_token and file_passwords redact on GET /config#622.
  • Man page (data_boar.5): document locale block and unified patterns_plugin_file section — #444, #431.
  • Issue queue / PMO: refresh PLANS_TODO.md triage snapshot (135 open, head-of-queue P1 man + #483; P0 only #606 product scope).
  • Governance docs: Contributor Covenant 2.1 in CODE_OF_CONDUCT (+ pt-BR); refresh TERMS_OF_USE and PRIVACY_POLICY (+ pt-BR) for 1.7.4-rc, tier matrix cross-links, optional dashboard auth, and maturity-assessment local storage — closes #419, #423, #424.
  • Legacy DB module filename: db/databasse.py renamed to db/database.py so filesystem paths match sonar-project.properties exclusions and operator mental model (GitHub #488).
  • Release candidate (working line): bump 1.7.4-rc on main (pyproject.toml, man .TH, hybrid lab image defaults, PUBLISHED_SYNC reconciliation); draft GitHub pre-release checklist in docs/releases/1.7.4-rc.mdno Docker Hub latest move until 1.7.4 final.
  • Maestro / completão (Deep benchmark argv): scripts/lab-completao-host-smoke.sh parses --bench-config; container handlers (Docker, Podman, Swarm, LXD, MicroK8s) pass that flag before --lab-stack-up so Deep smoke no longer hits exit 2 on unknown args (issues #404, #408). Draft stable checklist: docs/releases/1.7.4.md.
  • Lab lessons public archive: docs/ops/lab_lessons_learned/ dated snapshots + hub LAB_LESSONS_LEARNED.md contract (ADR 0042); situational .cursor/rules/lab-lessons-learned-archive.mdc; session token lab-lessons in session-mode-keywords.mdc; cold-start ladder, policy hubs, LAB_COMPLETAO_RUNBOOK, PLANS_TODO Integration row, and phase-2 situationalization inventory updated.
  • SQL sampling (SRE + audit posture): Shared builders in connectors/sql_sampling (tagged SQL, dialect hints), connectors/sql_table_row_estimate for metadata-first row caps, optional per-statement timeouts and inter_query_delay_ms on SQLConnector / Snowflake, core/sampling_policy for YAML overrides, and filesystem SQLite path integration. See ADR 0043 and PLAN_SQL_SAMPLING_SRE_AND_AUDIT_EVIDENCE.md.
  • Lab hybrid completão: scripts/lab-completao-orchestrate-hybrid-v173.ps1 resolves sshHost + first repoPaths from the lab manifest; LAB-NODE-02 scan dir prefers /home/leitao/Documents then /home/leitao/documents; LAB-NODE-01 / LAB-NODE-03 / lab-node-02 use tmux send-keys -t completao when that session exists, else ssh … bash -lc podman/docker; LAB-NODE-04 passive uses the repo clone path for .venv; image fabioleitao/data_boar:1.7.3.
  • Docs / quality gates: docs/TESTING_POC_GUIDE.md and docs/TROUBLESHOOTING_MATRIX.md — unique pseudo-headings (MD024); .cursor/rules/public-tracked-pii-zero-tolerance.mdc — LinkedIn placeholder uses <placeholder-slug> so tests/test_pii_guard.py does not treat the comma-terminated /in/example sample as a real slug.
  • Developer ergonomics (Windows / PowerShell): CONTRIBUTING (EN + pt-BR) documents correct Activate.ps1 venv activation and the not recognized failure when invoking Scripts\activate without .ps1; tests/test_pwsh_venv_activate_docs.py guards tracked .md / .mdc from reintroducing the bad .venv…Scripts…activate path pattern.
  • Ops docs: docs/ops/CURSOR_RULES_PHASE2_SITUATIONALIZATION.md (+ pt-BR) — Tier A inventory, Tier B/C backlog, why locale + docker-local-smoke-cleanup stay strongly always-on, pros/cons, and a 13-step reproducible ritual for the next situationalization batch (token-aware follow-up).
  • Cursor rules (phase 2 — plans / Sonar MCP / study cadence): plans-status-pl-sync.mdc, plans-archive-on-completion.mdc, sonarqube_mcp_instructions.mdc, and study-cadence-reminders.mdc are situational (alwaysApply: false) with narrow globs; session tokens sonar-mcp / study-check (and scope tokens docs / feature / houseclean / backlog for plan drift) plus @… latches bind them in fresh threads — docker-local-smoke-cleanup.mdc stays alwaysApply: true (short, high-frequency smoke/prune guidance; release sequencing is already situational). Cold-start ladder (EN/pt-BR), session-mode-keywords, AGENTS.md, CURSOR_AGENT_POLICY_HUB, and OPERATOR_SESSION_SHORTHANDS updated. Rollback: git revert the commit or restore the four rules from git show <parent>:.cursor/rules/<name>.mdc.
  • Cursor rules (phase 2 — release publish sequencing): release-publish-sequencing.mdc is situational (alwaysApply: false) with narrow globs on VERSIONING, docs/releases/**, Docker Hub / image order / PUBLISHED_SYNC, scripts/docker-lab-build.ps1, docker-prune-local.ps1, scripts/docker/README.md, and docker-smoke-container-hygiene skill; session token release-ritual and @release-publish-sequencing.mdc bind it in fresh threads — docker-local-smoke-cleanup.mdc stays alwaysApply: true. Cold-start ladder (EN/pt-BR), session-mode-keywords, AGENTS.md, VERSIONING (+ .pt_BR.md), CURSOR_AGENT_POLICY_HUB, OPERATOR_SESSION_SHORTHANDS, and docker-local-smoke-cleanup cross-links updated. Rollback: git revert the commit or git show <parent>:.cursor/rules/release-publish-sequencing.mdc.
  • Cursor rules (phase 2 — Everything / es-find): everything-es-cli.mdc is situational (alwaysApply: false) with narrow globs on scripts/es-find.ps1, EVERYTHING_ES_*, WINDOWS_FAST_CLI_WRAPPERS.*, and everything-es-search skill; session token es-find and @everything-es-cli.mdc bind it in fresh threads — windows-pcloud-drive-search-discipline.mdc stays alwaysApply: true for P: / huge-tree discipline. Cold-start ladder (EN/pt-BR), session-mode-keywords, AGENTS.md, CURSOR_AGENT_POLICY_HUB, OPERATOR_SESSION_SHORTHANDS, and windows-pcloud-drive-search-discipline cross-links updated.
  • Cursor rules (phase 2 — docs/private/ workspace cues): docs-private-workspace-context.mdc is situational (alwaysApply: false) with globs on PRIVATE_OPERATOR_NOTES, AGENTS.md, docs/private.example/**, PRIVATE_STACK_SYNC_RITUAL, PRIVATE_LOCAL_VERSIONING, and **`s...
Read more

v1.7.4-rc (pre-release)

Pre-release

Choose a tag to compare

@FabioLeitao FabioLeitao released this 11 May 00:58
d0fe0d9

Pre-release 1.7.4-rc / tag v1.7.4-rc (candidate — not stable Docker marketing)

Kind: GitHub pre-release (non-production) — use the Set as a pre-release checkbox in the web UI, or gh release create … --prerelease.

Working version string: 1.7.4-rc in pyproject.toml (PEP 440: 1.7.4rc1 when normalized by tooling).

Published stable baseline (unchanged for customers): 1.7.3 / Git tag v1.7.3 / Docker fabioleitao/data_boar:1.7.3 + latest until 1.7.4 final publish per VERSIONING.md and release-publish-sequencing (situational rule).


Intent

  • Signal release-candidate readiness for 1.7.4 on main (docs/tests/orchestration alignment) without treating 1.7.4-rc as the consumer latest on Docker Hub.
  • Keep Hub marketing copy refresh (docs/ops/DOCKER_HUB_REPOSITORY_DESCRIPTION.md) aligned to stable semver publishes unless you explicitly advertise an RC image.

GitHub Release (pre-release)

After the version bump commit is on main:

git tag -a v1.7.4-rc -m "v1.7.4-rc: pre-release candidate"
git push origin main
git push origin v1.7.4-rc
gh release create v1.7.4-rc --prerelease --title "v1.7.4-rc (pre-release)" --notes-file docs/releases/1.7.4-rc.md

Web UI parity: enable Set as a pre-release; disable Set as the latest release so v1.7.3 remains the Latest stable pointer.

Verify:

gh release view v1.7.4-rc --json isPrerelease,name,url

Docker (optional lab tag only)

Default posture for this milestone: do not publish fabioleitao/data_boar:1.7.4-rc to Docker Hub unless you intentionally want a pullable RC. If you do, still treat it as pre-release in communications and keep latest on 1.7.3 until 1.7.4 final.


After v1.7.4-rc (toward 1.7.4)

  1. Finish validation (CI green, operator lab evidence, release notes for 1.7.4).
  2. Bump pyproject.toml to 1.7.4 (final, no suffix) on the commit you will tag.
  3. Follow stable publish order: v1.7.4 tag → GitHub Release (not pre-release) → Docker 1.7.4 + latest → refresh PUBLISHED_SYNC (+ pt-BR).

v1.7.3: Stable Baseline

Choose a tag to compare

@FabioLeitao FabioLeitao released this 22 Apr 19:01

Standard release following the 1.7.2-safe security milestone.

Full Changelog: v1.7.1...v1.7.3

v1.7.2-safe: The Clean Slate

Choose a tag to compare

@FabioLeitao FabioLeitao released this 22 Apr 17:48

Changelog

Human-readable summary of user-facing changes. Detailed release notes: docs/releases/ (full checklists, Docker publish commands, GitHub Release text).

Unreleased (main)

  • Next working line: 1.7.3-beta (or next planned pre-release) on main per VERSIONING.md after publish choreography (maintainers: release-publish-sequencing rule in-repo).

1.7.2+safe (2026-04-22) — Security & Sanitization (Golden / Clean Slate)

Distribution milestone. Package version 1.7.2+safe is PEP 440 (local segment safe); Git and Docker Hub use tag v1.7.2-safe for parity with the validated slim image.

  • Sanitized publish surface: Docker Hub now standardises on fabioleitao/data_boar:v1.7.2-safe and latest (single digest); all prior Hub tags for this repository were removed — do not pin deprecated tags in runbooks.
  • Git / history narrative: Positions the repo after PII-sensitive history remediation; external consumers should clone from v1.7.2-safe onward for the clean baseline story.
  • Feature baseline: Same application line as 1.7.1 plus subsequent main development (WebAuthn phases, RBAC #86 Phase 2, data-soup Tier 1 + stego hints, etc.); see 1.7.1 below for feature notes. Full operator checklist: docs/releases/1.7.2-safe.md.

Carryover (was 1.7.2-beta on main before this tag)

  • Dashboard auth (Phase 1a — WebAuthn JSON core): Optional api.webauthn + DATA_BOAR_WEBAUTHN_TOKEN_SECRETADR 0033, tests/test_webauthn_rp.py, scripts/smoke-webauthn-json.ps1 + SMOKE_WEBAUTHN_JSON.md. Default disabled.
  • Dashboard auth (Phase 1b — HTML session + CSRF minimal): WebAuthn session + CSRF on gated routes — tests/test_webauthn_html_gate.py, tests/test_html_csrf.py.
  • Dashboard RBAC (Phase 2 — GitHub #86): Optional api.rbac.enabledtests/test_rbac.py. Phase 3 (enterprise SSO/OIDC) remains future work.
  • Filesystem “data soup” Tier 1 + stego hints: SUPPORTED_EXTENSIONS + file_scan.scan_for_stego / CLI --scan-stego; import fix in connectors/filesystem_connector._read_text_sample for RICH_MEDIA_SCAN_EXTENSIONS.

1.7.1 (2026-04-21)

  • Scope import (CSV): scripts/scope_import_csv.py + config/scope_import_csv.py emit a YAML targets fragment from a canonical CSV for operator review and merge; see USAGE.md, deploy/scope_import.example.csv, docs/ops/SCOPE_IMPORT_QUICKSTART.md, PLAN_SCOPE_IMPORT_FROM_EXPORTS.md.
  • Ops (maturity POC): docs/ops/SMOKE_MATURITY_ASSESSMENT_POC.md (+ pt-BR) documents autonomous pytest smoke (scripts/smoke-maturity-assessment-poc.ps1) and manual browser/integrity steps for the POC ready checklist; indexed from docs/ops/README.md.
  • Dashboard (maturity POC): GET /{locale}/assessment shows a recent submissions table (per batch, newest first) when the SQLite DB has stored answers; links reuse the post-submit summary URL and CSV export. Documented in ADR 0032. Per-tenant RBAC for this list remains #86 follow-up.
  • Licensing / maturity POC: API tests assert licensing.mode: enforced + JWT dbtier (community vs pro) gates /{locale}/assessment (and export) consistent with YAML effective_tier override — see tests/test_api_assessment_poc.py (test_assessment_enforced_jwt_dbtier_*).

1.7.0 (2026-04-17)

  • Minor release: detector format hints (REST JSON scalars, email/UUID VARCHAR hints), HEIC / Apple images when optional deps are present; reporting/security fixes (heatmap path guard, report import hygiene).
  • Compliance & docs: GLOSSARY and COMPLIANCE_AND_LEGAL expanded (US healthcare adjacency, Wabbix/WRB, VBA disambiguation, minors/criminal-record context — not legal conclusions); alignment with ADR 0025 evidence positioning.
  • Repository: PII guards, CI/deps, Semgrep/Bandit posture; operator Ansible/homelab scripts and runbooks (see docs/releases/1.7.0.md for full checklist).

1.6.8 (2026-04-02)

  • Ops automation: added reusable token-aware wrappers for session bootstrap, progress snapshots, and external review package generation (scripts/auto-mode-session-pack.ps1, scripts/progress-snapshot.ps1, scripts/external-review-pack.ps1).
  • Review reliability: hardened Gemini bundle verification logic to avoid false mismatches when marker-like text appears inside documentation examples (scripts/export_public_gemini_bundle.py).
  • Runbooks and governance: expanded today/next-day/carryover discipline, reinforced Wabbix/Gemini source-of-truth framing, and added Time Machine USB recovery and repurpose playbook for urgent storage/backup recovery.
  • Hardening and lab-op docs: integrated LMDE/T14 and Ansible hardening baselines, validation checklists, and CAPEX/OPEX planning outputs aligned to current roadmap.

1.6.7 (2026-03-25)

  • Removed legacy run.py. Use python main.py only, with the correct bind flags (--host, api.host, API_HOST) and dashboard transport (--https-cert-file / --https-key-file, or --allow-insecure-http / api.allow_insecure_http). See docs/releases/1.6.7.md and docs/USAGE.md.
  • Docs / tooling: docs/USAGE.md (+ pt-BR), sonar-project.properties, docs/plans/completed/NEXT_STEPS.md updated accordingly.

Earlier versions

See docs/releases/ (e.g. 1.6.6.md, 1.6.5.md, …).

Full Changelog: v1.7.1...v1.7.2-safe

1.7.1

Choose a tag to compare

@FabioLeitao FabioLeitao released this 20 Apr 19:41

Release 1.7.1

Release date: 2026-04-21 (publish).

Version string: 1.7.1build bump from 1.7.0 (VERSIONING.md): scope import from CSV, maturity POC operator smoke path, and licensing/assessment test hardening.


Highlights

  • Scope import (CSV): scripts/scope_import_csv.py + config/scope_import_csv.py emit a YAML targets fragment from a canonical CSV for review and merge; USAGE.md, deploy/scope_import.example.csv, SCOPE_IMPORT_QUICKSTART.md (EN + pt-BR).
  • Maturity self-assessment POC: Operator runbook SMOKE_MATURITY_ASSESSMENT_POC.md + scripts/smoke-maturity-assessment-poc.ps1; recent batches table and export paths documented (ADR 0032).
  • Licensing / assessment: API tests for licensing.mode: enforced + JWT dbtier gating /{locale}/assessment (community vs pro) — see tests/test_api_assessment_poc.py.

Changes since 1.7.0

  • Non-breaking config/operator additions; no intentional breaking API/config contract changes — validate custom configs as usual after upgrade.

Bump type

From To Rule (VERSIONING.md)
1.7.0 1.7.1 Build — patch-style bundle on same minor

How to get 1.7.1

  • From source: uv sync at 1.7.1 on main (or install from Git tag v1.7.1).
  • Docker: docker pull fabioleitao/data_boar:1.7.1 (and latest after Hub publish).

Build and push Docker image

From repo root, on main at 1.7.1 (first commit of the release PR, before the 1.7.2-beta bump), after tests pass:

.\scripts\check-all.ps1
.\scripts\docker-lab-build.ps1
docker login
docker tag data_boar:lab fabioleitao/data_boar:1.7.1
docker tag data_boar:lab fabioleitao/data_boar:latest
docker push fabioleitao/data_boar:1.7.1
docker push fabioleitao/data_boar:latest

Paste Short + Full repository description from docs/ops/DOCKER_HUB_REPOSITORY_DESCRIPTION.md into Docker Hub Edit after push.


Publish (tag + GitHub Release)

After the 1.7.1 version bump is on main (tag the commit that still has version = "1.7.1" in pyproject.toml, not the follow-up 1.7.2-beta commit):

git pull origin main
git log --oneline -5
# identify SHA of chore(release): 1.7.1 commit
git tag v1.7.1 <SHA>
git push origin v1.7.1
gh release create v1.7.1 --notes-file docs/releases/1.7.1.md --title "1.7.1"

After publish: verify

  1. GitHub: Release v1.7.1 and tag point to the 1.7.1 commit.
  2. Docker Hub: Tags 1.7.1 and latest pullable; repository description matches this repo.
  3. README (EN + pt-BR): Current release = 1.7.1 (published); working tree may show 1.7.2-beta on main after the development bump.
  4. Published sync: docs/ops/today-mode/PUBLISHED_SYNC.md + .pt_BR.md updated.
  5. Optional: docker scout quickview fabioleitao/data_boar:1.7.1.

What's Changed

  • docs: legal pt-BR, licensing tiers ADR 0027, README pitch, today-mode eod by @FabioLeitao in #190
  • chore(deps): S0 trust burst — pip lock, Actions SHAs by @FabioLeitao in #195
  • docs: Data Boar branding + legacy PyPI install identity by @FabioLeitao in #197
  • docs(ops): lab completão — SSHFS, WebDAV, iSCSI patterns by @FabioLeitao in #198
  • chore: PyPI distribution id data-boar (complete rename vs #197) by @FabioLeitao in #199
  • docs(workflow): morning readiness ladder in day ritual by @FabioLeitao in #201
  • deps(pip): bump the pip-minor-patch group across 1 directory with 22 updates by @dependabot[bot] in #200
  • test(workflow): dependency lock/export guards + ADR 0030 closure docs by @FabioLeitao in #202
  • docs(cursor): agent session ritual (sync main + private stack) by @FabioLeitao in #203
  • docs(cursor): PR/merge only when slice warrants it by @FabioLeitao in #204
  • feat(maturity): GRC self-assessment POC, plan archive, lab JWT by @FabioLeitao in #207
  • feat(api): maturity rubric scoring, CSV/MD export, and plan sequencing by @FabioLeitao in #208
  • feat(config): scope import CSV to YAML targets fragment by @FabioLeitao in #209

Full Changelog: v1.7.0...v1.7.1

1.7.0

Choose a tag to compare

@FabioLeitao FabioLeitao released this 17 Apr 02:11

Release 1.7.0

Release date: 2026-04-17 (planned publish).

Version string: 1.7.0minor bump from 1.6.8 (VERSIONING.md): detector and compliance documentation advances, security hardening, and operator tooling accumulated on main.


Highlights

  • Detector (format intelligence): REST JSON scalar types for connector format hints; extended email VARCHAR length hints; UUID-shaped VARCHAR hints; HEIC / Apple image path with pillow-heif and magic-byte routing where enabled.
  • Reporting / security: Heatmap embed path guard; import hygiene in report generator; ongoing CodeQL / PII-guard alignment for public-tree safety.
  • Compliance & glossary: Expanded GLOSSARY (EN + pt-BR): Stark Law, HCP, CPML context, HHS vs HSS, minor data and risk, Wabbix/WRB, VBA (value-based agreement vs Office VBA); COMPLIANCE_AND_LEGAL positioning (PEP/KYC, criminal-record context, joint delivery, HIPAA adjacency).
  • Repository hygiene: PII history guards, pre-commit alignment, Dependabot merges, CI Action pins, Semgrep/Bandit posture; extensive ops / Ansible / homelab scripts (operator-facing; does not change core scanner contract alone).

Changes since 1.6.8

  • Minor-feature track for connector-driven format hints and richer file-type coverage (HEIC).
  • Non-breaking security and documentation updates; no intentional breaking API/config changes — validate custom configs as usual after upgrade.

Bump type

From To Rule (VERSIONING.md)
1.6.8 1.7.0 Minor — new backward-compatible capabilities

How to get 1.7.0

  • From source: uv sync at 1.7.0 on main.
  • Docker: docker pull fabioleitao/data_boar:1.7.0 (and optionally :latest after Hub publish).

Build and push Docker image

From repo root, on main at 1.7.0, after tests pass:

.\scripts\check-all.ps1
.\scripts\docker-lab-build.ps1
docker login
docker tag data_boar:lab fabioleitao/data_boar:1.7.0
docker tag data_boar:lab fabioleitao/data_boar:latest
docker push fabioleitao/data_boar:1.7.0
docker push fabioleitao/data_boar:latest

Paste Short + Full repository description from docs/ops/DOCKER_HUB_REPOSITORY_DESCRIPTION.md into Docker Hub Edit after push.


Publish (tag + GitHub Release)

After this version is on main:

git pull origin main
git tag v1.7.0
git push origin v1.7.0
gh release create v1.7.0 --notes-file docs/releases/1.7.0.md --title "1.7.0"

After publish: verify

  1. GitHub: Release v1.7.0 and tag point to the intended commit.
  2. Docker Hub: Tags 1.7.0 and latest available and pullable; repository description matches this repo (no stale semver).
  3. README (EN + pt-BR): “Current release” = 1.7.0.
  4. Published sync: docs/ops/today-mode/PUBLISHED_SYNC.md + .pt_BR.md updated.
  5. Optional: docker scout quickview fabioleitao/data_boar:1.7.0 — base-image CVEs may remain no-fix until Debian python:*-slim refresh (document exceptions as needed).

What's Changed

  • docs(ops): PII public tree guide, pytest guard, PII tooling by @FabioLeitao in #175
  • fix(security): redact public today-mode and PII guide placeholders by @FabioLeitao in #176
  • chore(deps): bump cryptography from 46.0.6 to 46.0.7 in the uv group across 1 directory by @dependabot[bot] in #177
  • chore: operator workflow sync (cursor, scripts, docs, guards) by @FabioLeitao in #178
  • ci(actions): bump actions/upload-artifact from 7.0.0 to 7.0.1 by @dependabot[bot] in #179
  • ci(actions): bump astral-sh/setup-uv from 94527f2e458b27549849d47d273a16bec83a01e9 to 37802adc94f370d6bfd71619e3f0bf239e1f3b78 by @dependabot[bot] in #180
  • deps(pip): bump the pip-minor-patch group with 13 updates by @dependabot[bot] in #181
  • deps(pip): bump starlette from 0.52.1 to 1.0.0 by @dependabot[bot] in #182
  • deps(pip): bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 by @dependabot[bot] in #183
  • chore(deps): bump pypdf from 6.9.2 to 6.10.0 in the uv group across 1 directory by @dependabot[bot] in #184
  • chore(deps): bump pillow from 12.1.1 to 12.2.0 in the uv group across 1 directory by @dependabot[bot] in #185
  • chore(deps): bump pytest from 9.0.2 to 9.0.3 in the uv group across 1 directory by @dependabot[bot] in #186
  • chore(deps): bump pypdf from 6.10.0 to 6.10.1 in the uv group across 1 directory by @dependabot[bot] in #187
  • chore(deps): bump python-multipart from 0.0.22 to 0.0.26 in the uv group across 1 directory by @dependabot[bot] in #188

Full Changelog: v1.6.8...v1.7.0

1.6.8

Choose a tag to compare

@FabioLeitao FabioLeitao released this 02 Apr 01:28

Release 1.6.8

Release date: 2026-04-02 (published).

Version string: 1.6.8 published as Git tag + GitHub Release + Docker Hub tag, aligned with VERSIONING.md.


Highlights

  • Token-aware ops pack: new wrappers for reproducible session flow with lower cognitive load and lower token overhead:
    • scripts/auto-mode-session-pack.ps1
    • scripts/progress-snapshot.ps1
    • scripts/external-review-pack.ps1
  • Gemini bundle integrity fix: scripts/export_public_gemini_bundle.py --verify now validates sequentially and avoids false mismatches caused by marker-like content in docs examples.
  • Storage urgency support: added Time Machine USB recovery + repurpose runbooks (EN + pt-BR) for P0 backup workflows:
    • docs/ops/TIME_MACHINE_USB_RECOVERY_AND_REPURPOSE.md
    • docs/ops/TIME_MACHINE_USB_RECOVERY_AND_REPURPOSE.pt_BR.md
  • Ops discipline and roadmap continuity: updated two-week execution plan, next-day checklist, and carryover queues with release gate, external review loops (WRB/Gemini), and anti-chaos rituals.

Changes since 1.6.7

  • Expanded ops/runbook surface for token-aware automation and release safety.
  • Added concrete founder/profile guidance in private commercial docs (LinkedIn/ATS, public-safe evidence narrative).
  • Added or refined CAPEX/OPEX, governance, and decision-maker documentation slices linked to current planning fronts.

Bump type

From To Rule (VERSIONING.md)
1.6.7 1.6.8 Build (patch) — same major/minor, +1 build

How to get 1.6.8

  • From source: uv sync at 1.6.8 on main.
  • Docker: docker pull fabioleitao/data_boar:1.6.8 (and optionally :latest).

Build and push Docker image

From repo root, on main at 1.6.8, after tests pass:

.\scripts\check-all.ps1
.\scripts\docker-lab-build.ps1
docker login
docker tag data_boar:lab fabioleitao/data_boar:1.6.8
docker tag data_boar:lab fabioleitao/data_boar:latest
docker push fabioleitao/data_boar:1.6.8
docker push fabioleitao/data_boar:latest

Publish (tag + GitHub Release)

After this version is on main:

git pull origin main
git tag v1.6.8
git push origin v1.6.8
gh release create v1.6.8 --notes-file docs/releases/1.6.8.md --title "1.6.8"

After publish: verify

  1. GitHub: Release v1.6.8 and tag point to the intended commit.
  2. Docker Hub: Tags 1.6.8 and latest available and pullable.
  3. README (EN + pt-BR): “Current release” = 1.6.8.
  4. Published sync: docs/ops/today-mode/PUBLISHED_SYNC.md + .pt_BR.md updated.

Full Changelog: v1.6.7...v1.6.8

1.6.7

Choose a tag to compare

@FabioLeitao FabioLeitao released this 26 Mar 12:47

Release 1.6.7

Release date: 2026-03-26 (published).

Version string: 1.6.7 published as Git tag + GitHub Release + Docker Hub tag, aligned with VERSIONING.md.


Highlights

  • CLI: Removed legacy run.py. The supported entry point is python main.py (or uv run python main.py) for one-shot audits and --web.
  • Migration (required if you still used run.py):
  • Bind: main.py resolves host via --host, then api.host, then API_HOST, then default 127.0.0.1. The old wrapper forced 0.0.0.0 for --web — replicate explicitly with --host 0.0.0.0 or environment/config if you need that behavior.
  • Transport: main.py --web requires TLS (--https-cert-file and --https-key-file, or api.https_cert_file / api.https_key_file) or explicit plaintext --allow-insecure-http / api.allow_insecure_http: true. The default Docker image CMD already includes --allow-insecure-http for labs without mounted certs.
  • Docs / quality: docs/USAGE.md (+ pt-BR), sonar-project.properties, completed-plan history (NEXT_STEPS.md); root CHANGELOG.md added for quick scanning.

Changes since 1.6.6

  • Delete run.py; align Sonar sources and operator docs.
  • Patch build 1.6.61.6.7 per VERSIONING checklist.
  • Audit export: --export-audit-trail now includes dashboard_transport posture in the JSON payload.

Bump type

From To Rule (VERSIONING.md)
1.6.6 1.6.7 Build (patch) — same major/minor, +1 build

How to get 1.6.7

  • From source: uv sync at 1.6.7 on main.
  • Docker: after Hub publish: docker pull fabioleitao/data_boar:1.6.7 or :latest if built from this tag.

Build and push Docker image

From repo root, on main at 1.6.7, after tests pass:

.\scripts\check-all.ps1
.\scripts\docker-lab-build.ps1
docker login
.\scripts\docker-hub-publish.ps1 -SkipBuild

Publish (tag + GitHub Release)

After this version is on main:

git pull origin main
git tag v1.6.7
git push origin v1.6.7
gh release create v1.6.7 --notes-file docs/releases/1.6.7.md --title "1.6.7"

After publish: verify

  1. GitHub: Release v1.6.7 and tag point to the intended commit.
  2. Docker Hub: Tags 1.6.7 and latest (if used) — quick smoke.
  3. README (EN + pt-BR): “Current release” = 1.6.7.
  4. Maintenance: .\scripts\maintenance-check.ps1; docker scout quickview fabioleitao/data_boar:1.6.7 as needed.

Full Changelog: v1.6.6...v1.6.7

1.6.6

Choose a tag to compare

@FabioLeitao FabioLeitao released this 25 Mar 18:07

Release 1.6.6

Release date: 2026-03-25

Publish state: 2026-03-25Git tag v1.6.6, GitHub Release, and Docker Hub tags 1.6.6 + latest published from main at this version (see § Publish for reproducible commands).

Version string: 1.6.6 across pyproject.toml, core/about.py fallback, man pages (docs/data_boar.1, docs/data_boar.5), deploy/Docker examples, and README “Current release” (VERSIONING.md).


Highlights

  • Dependencies: requests>=2.33.0 to address CVE-2026-25645 (refresh uv.lock + requirements.txt). pip-audit may still report pygments CVE-2026-4539 until PyPI ships a fix — see DEPENDABOT_PYGMENTS_CVE.md and SECURITY.md.
  • Docs / PMO: PLANS_TODO.md Integration/WIP synced with main; Band A order –1 cadence note to re-check blocked CVEs each pass.
  • Workflow: scripts/pr-merge-when-green.ps1 — ASCII punctuation in messages for Windows PowerShell 5.1 parse reliability.
  • Behaviour vs 1.6.5: Patch — security dependency floor + documentation; no intentional breaking API/config changes.

Changes since 1.6.5

  • Band A (–1 / –1b) hygiene: requests bump, pygments triage doc, SECURITY (EN + pt-BR), maintenance-check.ps1 pointers.
  • Release version alignment 1.6.5 → 1.6.6 across packaging and operator-facing docs.

Bump type

From To Rule (VERSIONING.md)
1.6.5 1.6.6 Build (patch) — same major/minor, +1 build

How to get 1.6.6

  • From source: uv sync at 1.6.6 on main.
  • Docker: docker pull fabioleitao/data_boar:1.6.6 (after Hub publish) or :latest if published from this tag.

Build and push Docker image

From repo root, on main at 1.6.6, after tests pass:

.\scripts\check-all.ps1
.\scripts\docker-lab-build.ps1
docker login
.\scripts\docker-hub-publish.ps1 -SkipBuild

Publish (tag + GitHub Release)

After this version is on main:

git pull origin main
git tag v1.6.6
git push origin v1.6.6
gh release create v1.6.6 --notes-file docs/releases/1.6.6.md --title "1.6.6"

After publish: verify

  1. GitHub: Release v1.6.6 and tag point to the intended commit.
  2. Docker Hub: Tags 1.6.6 and latest (if used) — quick smoke.
  3. README (EN + pt-BR): “Current release” = 1.6.6.
  4. Maintenance: .\scripts\maintenance-check.ps1; docker scout quickview fabioleitao/data_boar:1.6.6 — base-image CVEs may remain no-fix until Debian/python:*-slim refresh (document exceptions as needed).

Full Changelog: v1.6.5...v1.6.6

1.6.5

Choose a tag to compare

@FabioLeitao FabioLeitao released this 24 Mar 09:24

Release 1.6.5

Release date: 2026-03-01

Publish state: VERSIONING checklist below is applied in this repo; Git tag, GitHub Release, and Docker Hub happen after merge to main and operator commands in § Publish (not automatic from this commit alone).

Wabbix / reviewer alignment: Single product version string 1.6.5 across pyproject.toml, runtime metadata, fallback in core/about.py, man pages, deploy/Docker examples, and README “Current release” (see VERSIONING.md).


Highlights

  • Notifications: scripts/notify_webhook.py now passes LocalDBManager (from config sqlite_path, same CWD semantics as the engine) so manual operator sends append to notification_send_log when notifications.notify_audit_log is true; use --no-audit when no local DB (e.g. some CI). Unit test in tests/test_notify.py.
  • Docs: USAGE (EN + pt-BR) updated for the above; PLAN_NOTIFICATIONS_OFFBAND_AND_SCAN_COMPLETE.md Phase 4.4 partial ✅.
  • Behaviour vs 1.6.4: Additive / backward compatible — default notification and audit behaviour unchanged for operators who do not run the manual script; new audit rows only when the script runs with a reachable SQLite file.

Changes since 1.6.4

  • Webhook manual script + audit wiring; documentation and plan sync.
  • Version bump 1.6.4 → 1.6.5 across packaging, man pages, deploy examples, README (see merge checklist in git history).

1. Bump type

From To Rule (see VERSIONING.md)
1.6.4 1.6.5 Build (patch) — same major/minor, +1 build.

How to get 1.6.5

  • From source: uv sync or pip install -e . at 1.6.5.
  • Docker (branded): docker pull fabioleitao/data_boar:1.6.5 (after publish; or :latest if you publish latest from this tag).

Build and push Docker image

From repo root, on main at 1.6.5, after tests pass:

.\scripts\check-all.ps1
.\scripts\docker-lab-build.ps1
docker login
.\scripts\docker-hub-publish.ps1 -SkipBuild

Publish (tag + GitHub Release)

After the version-bump PR is merged to main:

git pull origin main
git tag v1.6.5
git push origin v1.6.5
gh release create v1.6.5 --notes-file docs/releases/1.6.5.md --title "1.6.5"

After publish: verify version coherence (Wabbix-friendly)

  1. GitHub: Release v1.6.5 shows notes; tag points to expected commit.
  2. Docker Hub: Tags 1.6.5 and latest (if used) — smoke docker run … and check /about or logs if needed.
  3. README (both languages): “Current release” matches 1.6.5.
  4. Optional email to reviewers: One sentence: “Shipped v1.6.5; version string aligned across pyproject.toml, README, deploy examples, and Hub per docs/releases/1.6.5.md.”

After publish: maintenance

  • Dependabot / Scout: .\scripts\maintenance-check.ps1 — triage as in 1.6.4.md § After publish.
  • Scout: docker scout quickview fabioleitao/data_boar:1.6.5 (or post-docker-hub-publish.ps1 flow).

Full validation gate

.\scripts\check-all.ps1

Last updated: 2026-03-01 (release notes for 1.6.5).

What's Changed

  • docs(plans): PLANS_TODO dashboard celebrates 1.6.4 by @FabioLeitao in #108
  • chore(deps): pycparser >=3.0 + setuptools >=82.0.1 (#106, #107) by @FabioLeitao in #109
  • feat(cli) + docs: API --host and operator help sync by @FabioLeitao in #110
  • docs(ops): homelab sprint, chord heuristics, markdown sweep, PR hygiene by @FabioLeitao in #111
  • docs(ops): operator lab map, commit/PR batching, merge main by @FabioLeitao in #112
  • docs: compliance split, M-ACCESS sprint guidance, operator/cursor sync by @FabioLeitao in #113
  • docs: compliance split, M-ACCESS, operator notify (Signal/Twilio), plans sync by @FabioLeitao in #114
  • Compliance docs + detection: entertainment ML cap + regression tests by @FabioLeitao in #115
  • feat(richmedia): subtitles, magic bytes, plans and compliance docs by @FabioLeitao in #116
  • Docs/compliance maccess and doc updates by @FabioLeitao in #117
  • docs(workflow): re-apply commit scopes + chore(deps) (recover f65f26d) by @FabioLeitao in #118
  • docs(workflow): collaboration onboarding + Cursor Ubuntu/AppArmor runbooks by @FabioLeitao in #119
  • docs(ops): WRB (Wabbix Review Briefing) — guideline, pacote de envio e pt-BR by @FabioLeitao in #121
  • feat(cli): export audit trail JSON and preserve audit spine semantics by @FabioLeitao in #120
  • ci: pre-commit e job lint — markdown + pt-BR locale; regra docs-pt-br by @FabioLeitao in #122
  • feat(report): phase 1 data-source inventory across connectors by @FabioLeitao in #123

Full Changelog: v1.6.4...v1.6.5